Cross-Site Scripting Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises
CVE-2020-4664

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
8 January 2021

Summary

IBM Engineering Requirements Quality Assistant On-Premises is affected by a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the web user interface. This issue can modify the website's functionality and may lead to the exposure of user credentials in a trusted session. Proper validation and sanitization of user input are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

Engineering Requirements Quality Assistant On-Premises

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.